3 replies

Forbid all but one field using field policies

Hello, I need to forbid Anonymous actor access to all fields but id and

status

status

status

status. Basically it's needed for some calulcations but we don't want him to have access to any other data. So I've tried using policies like this:

  field_policies do
    field_policy :status do
      authorize_if always()
    end

    field_policy :* do
      forbid_if Checks.IsAnonymousActor
      authorize_if always()
    end
  end

  field_policies do
    field_policy :status do
      authorize_if always()
    end

    field_policy :* do
      forbid_if Checks.IsAnonymousActor
      authorize_if always()
    end
  end

  field_policies do
    field_policy :status do
      authorize_if always()
    end

    field_policy :* do
      forbid_if Checks.IsAnonymousActor
      authorize_if always()
    end
  end

  field_policies do
    field_policy :status do
      authorize_if always()
    end

    field_policy :* do
      forbid_if Checks.IsAnonymousActor
      authorize_if always()
    end
  end

But this seems to not be working, probably because for

status

status

status

status filed Ash checks policies from both

status

status

status

status and

:*

:*

:*

:*. Is there any way to achieve that?

Forbid all but one field using field policies

Similar Threads

Similar Threads

Similar Threads